Dirk-Jan's blog

Today I recieved a strange message when I tried to open a RDP connection.

$ rdesktop windows.server.local
Autoselected keyboard map en-us
disconnect: No valid license available.

To resolve this issue you need to add the client hostname.

$ rdesktop -n hostname windows.server.local
Autoselected keyboard map en-us
WARNING: Remote desktop does not support colour depth 24; falling back to 16

This happens with rdeskop version 1.6.0 on Fedora 11 (rdesktop-1.6.0-4.fc11.x86_64).

This website was served by an old timer PC running on an Intel N440BX Server Board codename Nightshade. Despite being a rock solid system, it housed a dual Intel Pentium III 600Mhz processor configuration which did not meet today’s performance demands and energy consumption.
So I decided to build a new computer system that was a little bit faster and more energy efficient than it’s predecessor and thus environmentally friendly.

After doing some research I decided to go for the following setup:

• Antec NSK3480 MicroTower, EarthWatts 380 Watt PSU
• Intel Desktop board D945GCLF2, Atom 330
• Kingston ValueRam 2GB DDR2 533MHz C4
• 2 Western Digital AV-GP Green 1TB, 5400~7200rpm, 8MB, SATA2
• 2 Serial ATA II Cable, 0.75m
• Scythe Mini Kaze Ultra 40mm x 20mm

The Antec casing comes with an energy efficient PSU. It’s 80 PLUS® certified and is equipped with a built-in active PFC to make the PSU reduce electrical waste and protect the environment.

As some reviews at silentpcreview.com stated, the stock cooler on the chipset is not that quite as you would expect. I decided to replace the 40mm x 10mm stock cooler with the Scythe Mini Kaze Ultra 40mm x 20mm. Because the motherboard sits inside a MicroTower there was space enough to put the Mini Kaze Ultra on top of the heatsink as you can see on the pictures below.

As expected there’s nearly no noise coming from the system. The case itself is designed to do noise cancellation with it’s dual chamber structure, and the new cooler only whispers silently. Besides doing a nice quite job it also makes a difference at it’s cooling task. That’s because it’s 10mm higher then the stock cooler.

Temperatures with the stock cooler:

1. Chip Temp: +33.0°C
2. CPU Temp: +43.0°C
3. Sys Temp: +38.0°C

Temperatures with the Scythe Mini Kaze Ultra cooler:

1. Chip Temp: +31.0°C
2. CPU Temp: +41.0°C
3. Sys Temp: +36.0°C

I’ve planned to do an energy consumption test in the coming days.

When using WordPress version 2.5.1 (Debian Lenny package) it is not possible to add/upload media using the “Add media” button in the editor. If you click on Add an image, a new window appears where you should have the option buttons “Browse” and “Upload”, but they’re gone. What’s left is a “Choose files to upload” button that won’t do anything.

I have experienced this problem when using Mozilla Firefox 3.0.14 on Linux with the Shockwave Flash add-on enabled.

Workaround: When this add-on is disabled the add media problem will not occur. To disable the add-on, open Firefox and go to ‘Tools’ -> ‘Add-ons’ and select disable Shockwave Flash.

Last weekend I installed the upgraded version of Leopard on my Mac mini. The installation went successfully but took a long time to complete. At first nothing seemed to be broken, but soon I discovered the loss of my NFS shares. So I started to look for the Directory Utility, because that was the tool I used for auto mounting my NFS shares in Leopard. After a little digging, I found out that I needed to re-add them using Disk Utility.

- Inside Disk Utility, click File then NFS Mounts..

So if you’re looking for your lost NFS shares you now know what to do.

Last week I’ve spend some time doing an Asterisk PBX setup at home. Because I like the technique and my girlfriend likes to use the phone I decided to build my own PBX (Private Branch Exchange). In other words a telephone exchange. So doing some research I figured out what the requirements where and came up with the following components:
- a SIP provider
- a SIP compliant phone
- Asterisk PBX software
- an Internet connected Linux server running 24/7

As for the SIP provider I chose the Budgetphone company because they support Asterisk and you get a local area number on which you can be called.

On my search for a suitable phone selected the Siemens Gigaset A580 IP. The main reasons I chose this phone where:
- it’s a hybrid phone so you can use POTS and or VOIP
- it’s energy efficient by using multiple energy-saving technologies
- it’s in a affordable price range

The installation of Asterisk was a piece of cake. Being a very happy user of Debian Linux, I installed the pre-compiled package from the Debian repository by executing the following command:

# apt-get install asterisk asterisk-sounds-main

In my case the Asterisk server has a public ip-address, and the phone base station is located in private ip space behind a NAT router.

Below you’ll find the Asterisk configuration. This configuration is known to work on Asterisk version 1.4.21.2~dfsg-3. In my case all configuration files reside in ‘/etc/asterisk/’.

sip.conf:

[general]
context=default
subscribemwi=yes
allowoverlap=no
bindport=5060
bindaddr=0.0.0.0
srvlookup=yes
disallow=all
allow=alaw
allow=ulaw
allow=g726
allow=ilbc
allow=gsm
language=us
dtmfmode = auto

register => 31123456789@sip1.budgetphone.nl:***:31123456789@sip1.budgetphone.nl/101

[31123456789]
type=friend
context=from-budgetphone
host=sip1.budgetphone.nl
fromuser=31123456789
fromdomain=sip1.budgetphone.nl
username=31123456789
insecure=very
secret=***
qualify=yes
port=5060

[phone]
type=friend
context=internal
host=dynamic
nat=yes
callerid="Home phone"
canreinvite=no
qualify=yes
secret=password
mailbox=1001

extensions.conf:

[general]
static=yes
writeprotect=no
clearglobalvars=no

[globals]
INT1=SIP/phone
OUTBOUNDTRUNK=SIP/31123456789

[from-budgetphone]
exten => 101,1,Dial(${INT1},28)
exten => 101,n,GotoIf($["${DIALSTATUS}" = "BUSY"]?busy:unavail)
exten => 101,n(unavail),VoiceMail(1001@default,u)
exten => 101,n,Hangup()
exten => 101,n(busy),VoiceMail(1001@default,b)
exten => 101,n,Hangup()

[internal]
; internal number
exten => 1001,1,Dail(${INT1})
; voicemail number
exten => 700,1,VoiceMailMain()
; external numbers
exten => _XXXX.,1,Set(CALLERID(all)=31123456789)
exten => _XXXX.,2,Dial(${OUTBOUNDTRUNK}/${EXTEN})
exten => _XXXX.,3,Hangup()

voicemail.conf

[general]
format=wav49|gsm|wav
serveremail=asterisk
attach=yes
skipms=3000
maxsilence=10
silencethreshold=128
maxlogins=3
emaildateformat=%A, %B %d, %Y at %r
sendvoicemail=yes

[zonemessages]
eastern=America/New_York|'vm-received' Q 'digits/at' IMp
central=America/Chicago|'vm-received' Q 'digits/at' IMp
central24=America/Chicago|'vm-received' q 'digits/at' H N 'hours'
military=Zulu|'vm-received' q 'digits/at' H N 'hours' 'phonetic/z_p'
european=Europe/Copenhagen|'vm-received' a d b 'digits/at' HM

[default]
1001 => 1234,Your name,user@domain.net,,tz=european

When done editing those files, you need to connect to the Asterisk CLI (Command Line Interface) by using the following command:

# asterisk -r

Set the verbosity level to 10:

*CLI> core set verbose 10

To reload the new configuration issue:

*CLI> reload

To see if the SIP services have registered succesfully issue:

*CLI> sip show peers

I needed to configure the next fields in the base station configuration to get the phone registered with Asterisk. Go to ‘settings’ -> ‘telephony’ -> ‘connections’ -> ‘edit’ -> ‘show advanced settings’.
- Authentication Name: phone
- Authentication password: *******
- Username: phone

- Domain: local
- Proxy server address: Asterisk server ip
- Registrar server: Asterisk server ip

To make the MWI (Message Wait Indicator) work on the handset you need to follow the next steps:
Web browse to the Siemens phone web interface, go to ‘settings’ -> ‘telephony’ -> ‘Network Mailbox’. For the connection you want MWI with, enter the voicemail access number into the ‘Call Number’ box, in my case 1001 and tick the ‘Active’ box. This will make the Siemens phone subscribe to the mailbox status.

Have fun!

UPDATE: Since the upgrade of my server system Debian Lenny (asterisk 1.4) to Debian Squeeze (asterisk 1.6) incoming calls were not coming through. After some searches I found out one parameter needed to change at the sip.conf file.

insecure=port,invite

Recently I have a personal certificate also known as a Digital ID on a smart card (Aladdin eToken) to access a secure web service. While installing the certificate I noticed it is also possible to use it to digitally sign and encrypt email with the same certificate, so I fired up Thunderbird and added the PCKS#11 security device to configure signing using S/MIME. See the steps below.

“PKCS#11 is one of the family of standards called Public-Key Cryptography Standards (PKCS), published by RSA Laboratories. It defines a platform-independent API to cryptographic tokens, such as Hardware Security Modules (HSM) and smart cards.” (Source: http://en.wikipedia.org/wiki/PKCS11)

I assume you already have installed the eToken software. In case you haven’t, take a look at this article I wrote earlier.

Open Thunderbird and go to Preferences -> Advanced -> Encryption -> Security Devices

Click on “Load” and enter a Module name or choose the default like I did, which is “New PKCS#11 Module” and browse for the ‘libeTPkcs11.so’ library. This file probably sits in ‘/usr/lib’ or ‘/usr/lib64′. Be sure to pick the right one, because you need the 64bit version if you’re using 64bit Firefox.

Open Account Settings -> Security

Select the certificate on your smart card you like to use.

Thunderbird and Firefox are not bundled with the needed CA’s to support GlobalSign PersonalSign Class 2 out-of-the-box. You have to Import the GlobalSign Primary Class 2 CA (http://secure.globalsign.net/cacert/PrimClass2.crt) and GlobalSign PersonalSign Class 2 CA (http://secure.globalsign.net/cacert/PersonalSignClass2.crt) to make it work in Thunderbird, otherwise you’ll notice you’re not able to send digitally signed email.

Using the wireless functionality of the Cisco 877W router I discovered that the wireless connection being disconnected en reconnected intermittently. At fist I thought it might be my Linux notebook doing wierd things, but as other wireless clients acting the same I suspected my new broadband router. Looking at the router log it appears that Cisco IOS reports “CCKM authentication failed”, in which CCKM stands for Cisco Centralized Key Management.

%DOT11-7-CCKM_AUTH_FAILED: Station 0016.44d7.xxxx CCKM authentication failed

So I started searching the web for this particular error message. As I found out more people have reported it and some were suggesting raising the broadcast key change interval, but that didn’t work for me. Also downgrading the IOS software was mentioned, but hey I don’t like to downgrade so I upgraded to a more up to date IOS version and the problem seems to be fixed! The last two days since the upgrade there are no more annoying dis- and reconnects. It starting to look like Cisco has done a good job!

I did the upgrade from IOS version c870-advipservicesk9-mz.124-22.T.bin to c870-advipservicesk9-mz.124-24.T1.bin.

Beware of IOS version c870-advipservicesk9-mz.124-24.T.bin, this one seems to be unstable.

This will most certainly apply to the complete Cisco 870 series.

To make the eToken PKI 5.0 client work on my 64bit Fedora 11 workstation with the 32bit version of the Aladdin eToken middle ware I had to install the following packages: hal-libs.i586, libusb.i586, openct.i586, pcsc-lite-openct.i586, pcsc-lite-libs.i586, pcsc-lite.i586 and dependencies.

# rpm -ivh pkiclient-5.00.28-0.i386.rpm
Preparing...                ########################################### [100%]
   1:pkiclient              ########################################### [100%]
Adding eToken security provider....done.
Starting PC/SC smart card daemon (pcscd): [  OK  ]
PKI Client installation completed.
#

If you don’t install the 32bit version of the packages, the installation of the pkiclient software will result in a error. The pkiclient software does need one of the following bundle dirs ‘/usr/lib/readers’ or ‘/usr/lib/pcsc/drivers’, or else it will exit with the error message below.

# rpm -ivh pkiclient-5.00.28-0.i386.rpm
Preparing...                ########################################### [100%]
Error: cannot find pcsc-lite bundles directory.
error: %pre(pkiclient-5.00.28-0.i386) scriptlet failed, exit status 11
error:   install: %pre scriptlet failed (2), skipping pkiclient-5.00.28-0
#

Do not try to add the eToken as a security device in Firefox or Thunderbird as you’re probably running the 64bit version of the applications. The 64bit applications refuse to load the 32bit ‘libeTPkcs11.so’, you’ll be prompted with a message “Unable to add module”.
I have requested the 64bit version of the middle ware, which should make things easier.